On 7/22/13 4:06 PM, Andrew Gilmore wrote:
The text of this rationale overstates the issue, as well as being
difficult to understand.
I had to fix this for my own use, so why not share?
Signed-off-by: Andrew Gilmore<agilmore2(a)gmail.com>
---
RHEL6/input/services/ssh.xml | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/RHEL6/input/services/ssh.xml b/RHEL6/input/services/ssh.xml
index 59330ab..c3b97cc 100644
--- a/RHEL6/input/services/ssh.xml
+++ b/RHEL6/input/services/ssh.xml
@@ -163,9 +163,8 @@ If properly configured, the output should be:
<pre>ClientAliveInterval 900</pre>
</ocil>
<rationale>
-Causing idle users to be automatically logged out
-guards against compromises one system leading trivially
-to compromises on another.
$ git blame RHEL6/input/services/ssh.xml | grep
"Causing idle"
1788d52f (Shawn Wells 2012-10-25 08:45:15 -0400 166) Causing idle
users to be automatically logged out
http://i.imgur.com/3xPms.gif
+Automatically logging out idle users guards against one
+compromised system leading to access on another.
</rationale>
<ident cce="26919-1" />
<oval id="sshd_idle_timeout"
value="sshd_idle_timeout_value"/>
-- 1.7.1
Hopefully my name was attached to the original language through a
branch/merge, vs something I wrote!
Ack